Vulnerability Details CVE-2021-22645
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01
- https://www.zerodayinitiative.com/advisories/ZDI-21-323/
- https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01
- https://www.zerodayinitiative.com/advisories/ZDI-21-323/
Products affected by CVE-2021-22645
-
cpe:2.3:a:luxion:keyshot:-
-
cpe:2.3:a:luxion:keyshot:10
-
cpe:2.3:a:luxion:keyshot_network_rendering:-
-
cpe:2.3:a:luxion:keyshot_viewer:-
-
cpe:2.3:a:luxion:keyvr:-
-
cpe:2.3:h:siemens:solid_edge_se2020:-
-
cpe:2.3:h:siemens:solid_edge_se2021:-
-
cpe:2.3:o:siemens:solid_edge_se2020_firmware:-
-
cpe:2.3:o:siemens:solid_edge_se2020_firmware:2020mp14
-
cpe:2.3:o:siemens:solid_edge_se2021_firmware:-
-
cpe:2.3:o:siemens:solid_edge_se2021_firmware:se2021mp15
-
cpe:2.3:o:siemens:solid_edge_se2021_firmware:se2021mp7